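/*
 * Replacement handler for NtDebugActiveProcess: attaches the debug object
 * named by DebugObjectHandle to the process named by ProcessHandle.
 *
 * ProcessHandle     - handle to the target process; referenced with access
 *                     mask 0x800 (PROCESS_SUSPEND_RESUME).
 * DebugObjectHandle - handle to a debug object of type NewDbgObject;
 *                     referenced with access mask 0x2 (DEBUG_PROCESS_ASSIGN).
 *
 * Returns the failing status of the process-handle lookup,
 * STATUS_INVALID_HANDLE for the current/system process or a bad debug-object
 * handle, STATUS_PROCESS_IS_TERMINATING when rundown protection cannot be
 * taken, otherwise the status of the debug-object lookup.
 *
 * Both handles are resolved with UserMode, so the object manager enforces
 * the access masks against the caller's handle table; keep it that way, as
 * this routine is reached with caller-supplied handles.
 *
 * Every exit path drops exactly the references it took. Pointers that were
 * never filled in are not dereferenced, and rundown protection is released
 * only when it was acquired.
 */
NTSTATUS __fastcall proxyNtDebugActiveProcess(HANDLE ProcessHandle, HANDLE DebugObjectHandle){
    PMY_OBJECT_TYPE object = NULL;
    PMY_OBJECT_TYPE debugobject = NULL;
    OBJECT_HANDLE_INFORMATION objecthandleinformation;
    NTSTATUS status;
    PETHREAD LastThread = NULL;
    PEX_RUNDOWN_REF *rundown;

    status = ObReferenceObjectByHandle(ProcessHandle, 0x800, PsProcessType, UserMode, &object, &objecthandleinformation);
    if (!NT_SUCCESS(status)){
        /* No reference was taken, so there is nothing to release. */
        return status;
    }

    /* Refuse to attach to the caller itself or to the System process. */
    if (object == PsGetCurrentProcess() || object == PsInitialSystemProcess){
        ObfDereferenceObject(object);
        return STATUS_INVALID_HANDLE;
    }

    status = ObReferenceObjectByHandle(DebugObjectHandle, 0x2, NewDbgObject, UserMode, &debugobject, &objecthandleinformation);
    if (!NT_SUCCESS(status)){
        /* debugobject was never referenced; only the process needs releasing. */
        ObfDereferenceObject(object);
        return STATUS_INVALID_HANDLE;
    }

    /*
     * NOTE(review): 376 (0x178) is a hard-coded, build-specific offset,
     * presumably EPROCESS.RundownProtect on the targeted Windows 7 x64 build.
     * `object + 376` is scaled by sizeof(*object); if a byte offset is meant,
     * this must be ((PUCHAR)object + 376). Confirm against the definition of
     * MY_OBJECT_TYPE, which is not visible here.
     */
    rundown = (PEX_RUNDOWN_REF*)(object + 376);

    if (ExAcquireRundownProtection(rundown)){
        /*
         * NOTE(review): the results of both Dbgk calls are discarded, so a
         * failed attach is still reported with the earlier success status.
         * If the typedefs return NTSTATUS, propagate them - TODO confirm.
         */
        ((pfnDbgkpPostFakeProcessCreateMessages)DbgkpPostFakeProcessCreateMessages)(object, debugobject, &LastThread);
        ((pfnDbgkpSetProcessDebugObject)DbgkpSetProcessDebugObject)(object, debugobject, status, LastThread);
        /* Released only on the path that acquired it. */
        ExfReleaseRundownProtection(rundown);
    }
    else{
        status = STATUS_PROCESS_IS_TERMINATING;
    }

    /* Drop the references taken above; leaking them pins both objects forever. */
    ObfDereferenceObject(debugobject);
    ObfDereferenceObject(object);
    return status;
}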
今天先发一个 |
|